pyramid.security
¶
Authentication API Functions¶
Authorization API Functions¶
Constants¶
-
Everyone
¶ The special principal id named ‘Everyone’. This principal id is granted to all requests. Its actual value is the string ‘system.Everyone’.
-
Authenticated
¶ The special principal id named ‘Authenticated’. This principal id is granted to all requests which contain any other non-Everyone principal id (according to the authentication policy). Its actual value is the string ‘system.Authenticated’.
-
ALL_PERMISSIONS
¶ An object that can be used as the
permission
member of an ACE which matches all permissions unconditionally. For example, an ACE that usesALL_PERMISSIONS
might be composed like so:('Deny', 'system.Everyone', ALL_PERMISSIONS)
.
-
DENY_ALL
¶ A convenience shorthand ACE that defines
('Deny', 'system.Everyone', ALL_PERMISSIONS)
. This is often used as the last ACE in an ACL in systems that use an “inheriting” security policy, representing the concept “don’t inherit any other ACEs”.
Return Values¶
-
Allow
¶ The ACE “action” (the first element in an ACE e.g.
(Allow, Everyone, 'read')
that means allow access. A sequence of ACEs makes up an ACL. It is a string, and it’s actual value is “Allow”.
-
Deny
¶ The ACE “action” (the first element in an ACE e.g.
(Deny, 'george', 'read')
that means deny access. A sequence of ACEs makes up an ACL. It is a string, and it’s actual value is “Deny”.